Expand +



HR 2013 tip: Security reports to identify users' access to sensitive HR data

by Molly Brien

July 24, 2013

How do you quickly identify users who have access to sensitive employee data?

This is just one of the questions covered by Accenture's Prashant Rastogi in his upcoming session at HR 2013 Singapore, "How to Get the Most Out of Standard HR Security Functionality in Your SAP System."
In addition to going over key HR security concepts (including HR table and data access, self-service roles, and user/role assignments) and tips for troubleshooting security, the session will also give attendees practical examples and views into the security reports to quickly review which users have access to sensitive HR data.

Here is a quick overview of three reports you should know:

  • Report RSUSR008_009_NEW can be used to identify users with access to sensitive data of employees
    • RSUSR008_009_NEW  can also be accessed from transaction SUIM>User Information System>User>With Critical Authorizations
    • Administrators & HR team can decide which authorizations can be called as sensitive
      • Example: (a) users with change access of infotype 0008 or basic pay, (b) users with access to creation of "users" and also allowed to assign “roles,” etc.
    • Report RSUSR008_009_NEW can be executed for "users" with critical authorizations" as well as "roles with critical authorizations"
  • Report RSUSR008_009_NEW or transaction SUIM can be used to configure critical or sensitive authorizations  
    • Configuration to identify critical/sensitive authorizations are attached to variants
      • We can start the report for a variant or a combination of variants to obtain a list of users or roles that meet these criteria
      • Variants can also be tested on home screen to know if the configuration is correct
  • Transaction S_BCE_68001400 or report Users by Complex Selection Criteria can also identify users with access to sensitive/critical data
    • You can also find the report using transaction SUIM>User Information System>User>Users by Complex Selection Criteria> Users by Complex Selection Criteria
    • Unlike Report RSUSR008_009_NEW, variant configuration isn’t an option here. However, we can still create screen variants to identify different scenarios to identify users with critical or sensitive authorizations

For more HR security tips, along with sessions on SAP ERP HCM and SuccessFactors implementations and updates, join us at HR 2013 Singapore this September.

An email has been sent to:

More from SAPinsider


Please log in to post a comment.

No comments have been submitted on this article. Be the first to comment!